Knowledge Library

Seller beware: compliance could put smaller retailers at serious risk

Its been a tough few years on the compliance front with retailers confronted with the requirements of the Consumer Protection Act (CPA), the Payment Card Industry (PCI) security requirements and, most recently, the promulgation of the Protection of Personal Information Act (POPI).

All off the laws have been implemented in order to protect the consumer, secure their information and limit the ability for that information to be used for nefarious purposes, or to engage with consumers without their express consent.

There is no doubt that regulating for the consumer is a good thing. By ensuring consumers rights and information are protected, we are creating an environment where customers are more confident to hand over their information and transact electronically. However, reaching compliance can be a significant challenge, especially for the smaller retailers, explains Angelina dos Santos-Barrett, Customer Engagement Product Manager at Innervation Value Added Services.

The Protection of Personal Information Act (POPI) was signed into law on November 26 2013. POPI essentially regulates how anyone who processes personal information must manage, store and secure that information.

Despite its harmless sounding acronym, POPI has substantial penalties. Anyone who contravenes POPIs provisions faces possible prison terms and fines of up to R10 million. More than that, POPI also allows individuals to institute civil claims so there may be the possibility of further financial loss for wayward retailers.

Simply put, POPI is designed to prevent the negligent disclosure of personal information.

This means that an organisation can only capture, use or store a customers personal information with their express consent. While this sounds simple enough, POPI becomes fairly complex when you look at what the definitions of information are. This could be anything as obvious as your name, address and ID number. It applies to electronic identifiers such as email addresses, cellphone numbers and social media handles. It takes into account medical, financial and educational history. But it also includes things like personal opinions, sexual orientations, religious affiliation and any other information relating to individuals.

The type of information that is being protected is precisely the type of information marketers are looking for when designing campaigns. For retailers this will have implications on many aspects, including loyalty programmes and gift carding, explains dos Santos-Barrett.

Compliance to POPI does not stop at securing the data. Retailers will need to make sure that the information they have is accurate, up to date and that as soon as they no longer require it for a specific purpose, the information is destroyed according to the Acts requirements.

The Act essentially enables consumers to be in control of their own information, allowing them to choose who has it and for what purpose. Many companies are trying to find ways to allow greater control by encouraging customers to update and maintain their own information, which seems to be the sensible route to go. The trick, of course, comes in finding IT solutions which makes managing compliance simpler and more efficient, while meeting all the requirements, says dos Santos-Barrett.

POPI, along with PCI standards and the CPA have forced retailers into a complex compliance arena which could have considerable financial implications. Companies will have a year to get their house in order.

That means setting up adequate security as well as training staff to oversee the gathering, storing and appropriate use of customers information. While this is a headache for larger retailers it could have a significant impact on smaller operations. It makes sense to work with service providers who have integrated as many of the compliance issues into their IT offering as possible and is by the nature of their business already compliant to the CPA and is certified as compliant the PCI security standard, dos Santos-Barrett concludes.

The countdown to the Black Friday and Cyber Monday sales has officially begun. With experts predicting shoppers will spend double the amount they did in 2015 – this year’s retail shopping bonanza is expected to be bigger than ever.

As the physical and digital worlds continue to merge, it is becoming clear that as a retailer it is all about that providing the consumer with that consistent brand experience to strengthen that relationship and help them in their path to purchase.